#!/usr/bin/env python# Copyright 2008-2009 LShift Ltd# WARNING# This script completely destroys your ~/.ssh/authorized_keys# file every time it is run# WARNINGimport sysimport osimport os.pathimport rulesetimport subprocessif len(sys.argv) <= 3: sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv) sys.exit(-1)akeyfile = sys.argv[1]wrappercommand = sys.argv[2]prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='if os.path.exists(akeyfile): f = open(akeyfile) try: for l in f: if not l.startswith(prefix): raise Exception("Safety check failed, delete %s to continue" % akeyfile) finally: f.close()akeys = open(akeyfile + "_new", "w")for keyroot in sys.argv[3:]: kr = keyroot + "/" #print "Processing keyroot", keyroot for root, dirs, files in os.walk(keyroot): for fn in files: ffn = os.path.join(root, fn) if not ffn.startswith(kr): raise Exception("Inconsistent behaviour in os.walk, bailing") #print "Processing file", ffn keyname = ffn[len(kr):] if not ruleset.goodpath(keyname): # ignore any path that contains dodgy characters #print "Ignoring file", ffn continue p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), stdout=subprocess.PIPE, stderr=subprocess.PIPE) newkey = p.communicate()[0] if p.wait() == 0: klines = [l.strip() for l in newkey.split("\n")] else: # Conversion failed, read it directly. kf = open(ffn) try: klines = [l.strip() for l in kf] finally: kf.close() for l in klines: if len(l): akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, l))akeys.close()os.rename(akeyfile + "_new", akeyfile)